Recent high profile security breaches involving retailers like Target and Neiman Marcus mean that people are increasingly aware they may be vulnerable when shopping online. Yet many don't fully understand the landscape that lies behind hacking and why it’s such a lucrative business.
With Christmas and its associated e-commerce peak fast approaching, we spoke to Kelly Yee, Vice President of secure email provider Penango, who has a wealth of security systems experience in both the public and private sectors. Here are her views on how hackers work and how we can guard against becoming victims over the holiday season.
Hackers claim to have stolen the login details of almost seven million Dropbox users. Having released a teaser file on Pastebin with details of around 400 accounts, they’re offering to release more in exchange for a Bitcoin ransom.
Like the Snapchat photo leak, it seems that this information has come from insecure third-party services rather than from Dropbox itself.
According to research by Imperva, WordPress websites were attacked 24.1 percent more often than websites running on all other CMS platforms combined.
WordPress websites suffer 60 percent more XSS incidents than all other CMS platforms, and the research found that while WordPress is more likely to suffer fewer incidents for each attack type, it also suffers a higher traffic volume for each attack type.
There have been various headlines recently about cloud security breaches -- including the celebrity 'event' that shall not be named -- and the latest problem to hit the cloud affects Dropbox users.
This time around it's not a security problem, but it does involve losing control of one's files. A problem with the Selective Sync feature of some older versions of the Dropbox desktop app meant that files were deleted rather than synced. It's a problem that Dropbox users have been complaining about for a little while but the cloud storage provider has now confirmed the bug and issued assurances that the problem has been addressed.
After all of the recent stories related to the Fappening you could be forgiven for thinking that stories about leaks of nude photos were becoming passé.
That didn't stop the media going into overdrive at the weekend when news emerged of 100,000 (or 200,000 depending on where you read the story) images from disposable message service Snapchat being leaked online.
In the wake of the Fappening, online porn and nudity has been thrust into the public consciousness once again. But porn is about much more than titillating celebrity photos -- even if research shows that we're finding it easier to waste our time online when we should be getting on with work. Revenge porn is on the rise, and steps are being taken to try to thwart its progress. As the Fappening showed us, taking saucy pictures of oneself or partner is far from uncommon. This is fun and exciting in the middle of a relationship, but if that relationship should break down, there's no knowing what could happen to those pictures and videos.
Disgruntled partners may decide to get revenge on their former lovers by sharing those intimate photos and movies online, or the material may be obtained by a third party and used as a tool for bribery. Many US states have outlawed the practice, and now the UK is following suit.
There must be something in the air at the moment -- everyone seems to be splitting up. eBay and PayPal decided that it would be better to go it alone, and then HP announced it would be splitting into consumer and enterprise companies. Symantec now reveals that it plans to divide into two independent companies, one focusing on security, and the other on storage.
President and CEO, Michael A. Brown, says that the two markets face their own sets of unique challenges and by splitting in two, each business will have the flexibility needed to respond accordingly.
In an era of increasing security threats, the password is often the weakest link, giving attackers a way into a system posing as a legitimate user.
A new infographic from security company Ping Identity looks at the problem of poor passwords and how in the future they may give way to more sophisticated forms of authentication.
Back in the 1980s, when I was the networking editor at InfoWorld, one of my jobs was to write profiles of corporate networks. One of those profiles was of the Adolph Coors Brewing Company of Golden, Colorado, now known as Molson Coors Brewing. I visited the company’s one brewery at the time, interviewed the head of IT and the top network guy, then asked for a copy of the very impressive network map they had on the wall.
"Sorry, we can’t give you that," they said. "It’s private".
According to a new survey, UK consumers increasingly fear the pace of change they face and are particularly cynical about the need for connected, "Internet of Things" devices.
According to the survey of over 1,600 consumers by UK-based audit and accounting specialist KPMG, more than half of people (58 percent) resent the idea that computers seem to run their lives. Also 70 percent suggest that with the marketplace flooded by inter-connected devices, it's too easy for things to go wrong. The survey reveals a hankering for a return to 'simple' technology. Many, for example, mainly want their phone to make calls (54 percent) and the majority think that more advanced internet-based products such as smart fridges which self-order food or cookers reminding owners about recipes aren't needed.
Apple is now the most-phished brand according to the latest report from the Anti-Phishing Work Group (APWG).
Based on data from the first half of 2014, 17.7 percent of all phishing attacks were aimed at the Cupertino-based firm, with PayPal in second and Chinese shopping site Taobao claiming third place.
It has been said that we are living in a post-NSA world. What this really amounts to is that we are now slightly more aware of the level of snooping that has been going on in the background for many years. There has been widespread outrage at the revelations made by Edward Snowden, and there have been similar concerns raised outside of the US. In the UK, the FBI-like National Crime Agency wants greater powers to monitor emails and phone calls -- and it wants the public to agree to this.
Director General of the NCA, Keith Bristow, spoke with the Guardian and said that the biggest threats to public safety are to be found online. He said that more powers to monitor online data are needed, and suggested that public resistance to this was down to the fact that he had thus far failed to properly explain why such powers are needed.
The main problem that organizations face when combating cyber attacks is that they don't know what to look for and find it difficult to interpret all the data they get from their networks.
Big data analytics company Exabeam has a new product that can cut through the forest of data to make it easier to detect attacks and insider threats in real time using existing security information and event management (SIEM) details.
Almost two-thirds of senior IT professionals say that their enterprise Java applications contain 50 percent or more third-party code.
These are findings from application security company Waratek based on a survey of attendees at last week's JavaOne conference. However, despite recent high-profile vulnerabilities in third-party code, like Shellshock and Heartbleed, nearly 80 percent of respondents still believe their Java apps are secure.
There are few companies who fail to find themselves under the privacy microscope at some point, but Microsoft is one that is the center of attention more than many. Whilst taking steps to allay fear about a keylogger in Windows 10, the company has signed the Student Privacy Pledge, joining big names from the world of education such as Follett, Learnmetrics, and Knovation. The pledge means that Microsoft will use personal information about students to help better tailor learning packages, but it won't be used for advertising, or sold to third parties.
Anthony Salcito, Microsoft's Vice President for Worldwide Education, announced the move at the Future of Privacy Forum (FPF) and the Software & Information Industry Association (SIIA) launched the pledge to help protect students.